← Back to CVE List

CVE-2019-16768

Published: 2019-12-05T20:15Z
Last Modified: 2024-11-21T04:31Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details will be presented to the user when one will try to log into the shop. This has been patched in versions 1.3.14, 1.4.10, 1.5.7, and 1.6.3. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt